Blame SOURCES/0003-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch

d6181b
From 5afd3f6030a78d1c3631c645955c0804b7e7abce Mon Sep 17 00:00:00 2001
d6181b
From: Tomas Halman <thalman@redhat.com>
d6181b
Date: Mon, 24 Jun 2019 15:58:09 +0200
d6181b
Subject: [PATCH 3/4] LDAP: failover does not work on non-responsive ldaps
d6181b
d6181b
In case ldaps:// is used, then establishing the secure socket is
d6181b
a synchronous operation. If there's nothing on the other end, then
d6181b
the process would be stuck waiting for the crypto library
d6181b
to finish.
d6181b
d6181b
Here we set socket read/write timeout so the operation can finish
d6181b
in reasonable time with an error. The ldap_network_timeout
d6181b
option is used for this timeout.
d6181b
d6181b
Resolves:
d6181b
https://pagure.io/SSSD/sssd/issue/2878
d6181b
d6181b
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
d6181b
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
d6181b
---
d6181b
 src/util/sss_sockets.c | 26 ++++++++++++++++++++++++--
d6181b
 1 file changed, 24 insertions(+), 2 deletions(-)
d6181b
d6181b
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
d6181b
index 5e9be9ebd..0e4d8df8a 100644
d6181b
--- a/src/util/sss_sockets.c
d6181b
+++ b/src/util/sss_sockets.c
d6181b
@@ -74,10 +74,11 @@ static errno_t set_fcntl_flags(int fd, int fd_flags, int fl_flags)
d6181b
     return EOK;
d6181b
 }
d6181b
 
d6181b
-static errno_t set_fd_common_opts(int fd)
d6181b
+static errno_t set_fd_common_opts(int fd, int timeout)
d6181b
 {
d6181b
     int dummy = 1;
d6181b
     int ret;
d6181b
+    struct timeval tv;
d6181b
 
d6181b
     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
d6181b
      * failures are ignored.*/
d6181b
@@ -97,6 +98,27 @@ static errno_t set_fd_common_opts(int fd)
d6181b
                   strerror(ret));
d6181b
     }
d6181b
 
d6181b
+    if (timeout > 0) {
d6181b
+        /* Set socket read & write timeout */
d6181b
+        tv = tevent_timeval_set(timeout, 0);
d6181b
+
d6181b
+        ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
d6181b
+        if (ret != 0) {
d6181b
+            ret = errno;
d6181b
+            DEBUG(SSSDBG_FUNC_DATA,
d6181b
+                  "setsockopt SO_RCVTIMEO failed.[%d][%s].\n", ret,
d6181b
+                  strerror(ret));
d6181b
+        }
d6181b
+
d6181b
+        ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
d6181b
+        if (ret != 0) {
d6181b
+            ret = errno;
d6181b
+            DEBUG(SSSDBG_FUNC_DATA,
d6181b
+                  "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
d6181b
+                  strerror(ret));
d6181b
+        }
d6181b
+    }
d6181b
+
d6181b
     return EOK;
d6181b
 }
d6181b
 
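Review bot: Both new `setsockopt` failures inside the `if (timeout > 0)` block are logged only at `SSSDBG_FUNC_DATA` and then discarded, so when the timeout cannot be applied the function still returns `EOK` and the blocking ldaps:// handshake this patch is meant to bound can stall as before, with the only evidence at a verbose debug level. Since the timeout is the availability safeguard here, I would log the two failures at a failure level, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, "setsockopt SO_RCVTIMEO failed.[%d][%s].\n", ret, strerror(ret));` and likewise for `SO_SNDTIMEO`, or return `ret` so the caller's `ret != EOK` check in the last hunk can act on it. The new parameter also deserves a comment above the function, such as `/* timeout: socket send/receive timeout in seconds; <= 0 leaves the socket without one */`. The timeouts stay on the descriptor after the handshake, so later blocking reads and writes on the same connection are presumably bounded by ldap_network_timeout as well; worth confirming that is intended. The middle of `set_fd_common_opts` lies between the first two hunks and is not visible here.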
d6181b
@@ -264,7 +286,7 @@ struct tevent_req *sssd_async_socket_init_send(TALLOC_CTX *mem_ctx,
d6181b
         goto fail;
d6181b
     }
d6181b
 
d6181b
-    ret = set_fd_common_opts(state->sd);
d6181b
+    ret = set_fd_common_opts(state->sd, timeout);
d6181b
     if (ret != EOK) {
d6181b
         DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_common_opts failed.\n");
d6181b
         goto fail;
d6181b
-- 
d6181b
2.20.1
d6181b